Protecting software and other works from improper copying and use is a serious problem facing vendors of such property. Vendors of software products typically license their products to licensees of the products. The license has terms of use and often can only be activated or made fully functional when the licensee enters an alphanumeric license key, such as a hash license key, that “unlocks” the product, thereby enabling the product or the product's full feature set. A license may be issued to an individual user, or to an organization, such as a corporation, with many potential users. A license to an organization is often referred to as a volume license and the license key for a volume license a volume license key. Unfortunately, a traditional volume license key can be very difficult if not impossible to enforce for a number of reasons.
One reason a traditional volume license key is difficult to enforce is that the license key does not provide a way to validate the identity of the user of the license key. For example, a hash license key consists of a series of letters and numbers that, when entered by the user, are decrypted with a hash algorithm to determine whether the hash license key is a valid license key. Anyone who obtains the hash license key and the identity of the associated product may be able to enter the license key at the vendor's web site, for example, and, since the hash license key is valid, thereby gain access to use the product.
A hash license key can actually be quite easy to obtain. Licensees may intentionally or inadvertently divulge the license key. In a large corporate environment, for example, securing the license key may be particularly difficult. The corporation may be spread over a large geographic area and employ many users who could obtain access to the license key. Once a user obtains access to the license key, the user can pass it on to anyone (even unauthorized users) who will then be able to enable the licensed product with the license key. As a result, the licensee corporation may not be able to control who obtains license keys. Vendors to corporate licensees essentially take it on faith that the licensees will secure the license key from improper use.
In addition, license key generators are tools that rapidly generate alphanumeric sequences. License key generators are readily available to many users. Unscrupulous users can use a license key generator to rapidly and repeatedly generate sequences and enter the sequences into the license key validation mechanism, which will enable the product when the right sequence is entered. Whether improper access to a licensed product is the result of inadvertence on the part of the licensee or unscrupulous behavior, a fundamental flaw in traditional license keys is their inability to identify the user trying to enable the licensed product.
In an attempt to make traditional license keys more secure, vendors have made alphanumeric license keys longer. In general the longer the hash license key, the more secure the license key is. However, vendors also realize that licensees typically would rather not have to enter and keep track of extremely long alphanumeric sequences that make up license keys. To avoid imposing a large burden on customers, vendors typically limit the length of traditional license keys to relatively short lengths, making the license keys more easily determined by a license key generator. Therefore, licensed products are susceptible to improper access, despite traditional license key approaches toward preventing such improper access.